Course Code: webapsec
Duration: 28 hours
Prerequisites: Programming experience, ideally with Python and Java
Overview: Bespoke course designed specifically for the University of Edinburgh
Course Outline:
Module 1: Concept to Secure Coding
- Significance/importance of secure coding
- Secure coding terminology
- Secure coding principles
- Threat modeling
- Risk Assessment
- Secure Software Development Lifecycle (SDLC) methodology and web hacking methodology
- Secure coding resources
- The latest security exploits and issues related to secure coding
Module 2: Web Applications Penetration Testing
- OWASP Top 10 Attacks
- SQL injection
- Cross-Site Scripting (XSS)
- Cross-Site Request Forgery (CSRF)
- Broken authentication and session management
- Session Hijacking
- Insecure direct object references
- Security misconfiguration
- Sensitive data exposure
- Web Server Compromise
Module 3: Web Application Attacks Countermeasures
- Secure coding standards
- Secure coding best practices/patterns
- Intercepting validators
- Sanitization
- Session management
- Authentication factors
- One-Time Passwords (OTP)
- Single Sign-On (SSO)
- Encryption and hashing
- Password management
- Access control
- Error handling and logging
- File management
- Memory management
- Data validation
- Web Application Firewall (WAF)
Module 4: Standard Security Frameworks
- Java Secure Coding Best Practices
- Python Secure Coding Best Practices
- OWASP Testing Framework
- Implementing a Secure Development Process (SDP)
- Web application security frameworks
- Vulnerability Scanning and live scanning
- Code Review
- Quality standards for secure code
- Software security testing
- Abuse case testing